LOCAL SECURITY FIPS
In the local security policy there is a setting, disabled by default: System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. If I enable this on all machines on a network, servers included, will all transmissions over the wire or wireless be encrypted? If not, are there other configurations I need to also modify? Is there a downside to configuring this? Will it include all application traffic, including database communications? Thanks in advance, Bo
December 1st, 2009 4:24pm
No, it just states that the encryption algorithm that is going to be used, if anything is going to be encrypted, signed, or hashed, is FIPS compliant. FIPS compliant is the highest level of encryption that can be selected in Windows 2008. When you want to enable encryption over the network, you should configure IPsec to be required in all communications. The level of encryption can then be set to FIPS compliant or something different. In that case all communications over the network will be encrypted. The downside, of course, is higher computational cost, as every packet needs to be encrypted and decrypted. Another downside is that all systems need to be capable of supporting IPsec and your chosen encryption standard.
December 1st, 2009 5:37pm
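
The distinction drawn in the reply above can be checked per machine. The following audit script is an added example, not part of the original thread: it reports whether the FIPS policy is enabled and whether any active connection security rule actually requires IPsec. It assumes Windows 8 / Server 2012 or later (where the NetSecurity module provides `Get-NetIPsecRule`) and an elevated session; the function names are hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows 8 / Server 2012 or later
# and an elevated PowerShell session. Function names are illustrative.

function Get-FipsPolicyState {
    # Registry value behind "System cryptography: Use FIPS compliant algorithms
    # for encryption, hashing, and signing" (1 = enabled).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    $item = Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.Enabled -eq 1)
}

function Get-RequiredIPsecRule {
    # Active connection security rules that require (not merely request)
    # IPsec protection in both directions. Whether the protected traffic is
    # also encrypted depends on the quick mode crypto set bound to each rule.
    Get-NetIPsecRule -PolicyStore ActiveStore |
        Where-Object {
            $_.Enabled -eq 'True' -and
            $_.InboundSecurity -eq 'Require' -and
            $_.OutboundSecurity -eq 'Require'
        }
}

$fipsOn   = Get-FipsPolicyState
$required = @(Get-RequiredIPsecRule)

# One summary object per machine, suitable for piping to Export-Csv.
[pscustomobject]@{
    ComputerName       = $env:COMPUTERNAME
    FipsPolicyEnabled  = $fipsOn
    RequiredIPsecRules = $required.Count
    RuleNames          = ($required.DisplayName -join '; ')
}

if ($fipsOn -and $required.Count -eq 0) {
    # The FIPS policy only constrains which algorithms may be used;
    # it does not turn encryption on for network traffic.
    Write-Warning 'FIPS policy is enabled, but no active rule requires IPsec.'
}
```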


